<?php
ob_start();
session_start();
$host="localhost";
$username="root";
$password="";
$database="cs4400_group17";

$tbl_name="corkboard";

mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$corkboardEmail=$_SESSION['userEmail'];
$corkboardTitle=$_POST['title'];
$corkboardCategory=$_POST['category'];
$corkboardVisibility=$_POST['visibility'];
$corkboardPassword=$_POST['password'];

// To protect MySQL injection
$corkboardTitle = stripslashes($corkboardTitle);
$corkboardCategory = stripslashes($corkboardCategory);

$corkboardTitle = mysql_real_escape_string($corkboardTitle);
$corkboardCategory = mysql_real_escape_string($corkboardCategory);

$query = "INSERT INTO $tbl_name VALUES('$corkboardEmail','$corkboardTitle','$corkboardCategory',NOW())";

$result = mysql_query($query);
if(!$result){
	echo "SOMEHTING WENT FUCKING WRONG";
}

if($corkboardVisibility=='public'){
	$tbl_name = "publiccb";
	$query ="INSERT INTO $tbl_name VALUES('$corkboardEmail','$corkboardTitle')";
} else {
	$tbl_name = "privatecb";
	$query ="INSERT INTO $tbl_name VALUES('$corkboardEmail','$corkboardTitle','$corkboardPassword')";
}

$result = mysql_query($query);
if(!$result){
	echo "SOMEHTING WENT FUCKING WRONG (again)";
}

$tbl_name = "corkboard";
$query = "SELECT * FROM $tbl_name WHERE Email='$corkboardEmail' and Title='$corkboardTitle' and CategoryName='$corkboardCategory'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
?>

<!DOCTYPE html>
<head></head>
<body>
	<p>The following Corkboard was added:</p>
	<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
			<tr>
				<td>
					<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
						<tr>
							<td>Title</td>
							<td>:</td>
							<td><?php echo $row['Title']; ?></td>
						</tr>
						<tr>
							<td width="117">CategoryName</td>
							<td width="14">:</td>
							<td width="357"><?php echo $row['CategoryName']; ?></td>
						</tr>
						<tr>
							<td>LastUpdate</td>
							<td>:</td>
							<td><?php echo $row['LastUpdate']; ?></td>
						</tr>
					</table>
				</td>
			</tr>
		</table>
		<BR>
	<form action = "home.php" method = "post">
		<input type="submit" value="Back to Home" name="backtohome"/>
	</form>
</body>
</html>